[IP] more on Fatal Flaw Weakens RFID Passports

To: ip@xxxxxxxxxxxxxx
Subject: [IP] more on Fatal Flaw Weakens RFID Passports
From: David Farber <dave@xxxxxxxxxx>
Date: Thu, 3 Nov 2005 17:53:43 -0500
List-help: <http://v2.listbox.com/doc/help_sub?list_name=ip@v2.listbox.com>
List-id: <ip@xxxxxxxxxxxxxx>
List-software: listbox.com v2.0
List-subscribe: <mailto:subscribe-ip@v2.listbox.com>, <http://v2.listbox.com/subscribe/?listname=ip@v2.listbox.com>
List-unsubscribe: <mailto:unsubscribe-ip@v2.listbox.com>, <http://v2.listbox.com/member/unsubscribe/?listname=ip@v2.listbox.com>
References: <6.2.0.14.2.20051103130800.02d386e8@xxxxxxxxxxxxxxxxxxxxxxx>
Reply-to: dave@xxxxxxxxxx



Begin forwarded message:

From: Ross Stapleton-Gray <ross@xxxxxxxxxxxxxxxxxx>
Date: November 3, 2005 4:14:49 PM EST
To: dave@xxxxxxxxxx
Subject: Re: [IP] Fatal Flaw Weakens RFID Passports

At 12:47 PM 11/3/2005, Bruce Schneier wrote:

The State Department has done a great job addressing specificsecurity and privacy concerns, but its lack of technical skills ishurting it. The collision-avoidance ID is just one example ofwhere, apparently, the State Department didn't have enough of theexpertise it needed to do this right.
Of course it can fix the problem, but the real issue is how manyother problems like this are lurking in the details of its design?We don't know, and I doubt the State Department knows either. Theonly way to vet its design, and to convince us that RFID isnecessary, would be to open it up to public scrutiny.

I think there's a lot of whistling in the dark as regards whathappens when both RFID and tags become much more pervasive; it's nothard to imagine that there will be tipping points when the RFenvironment becomes sufficiently "chatty" to support makinginferences on what's observable by third parties.

We've just published a white paper, "RFID: Airport Greeters and AmberAlerts," on several scenarios for RFID-based monitoring, on the themeof 3rd-party collection: http://www.stapleton-gray.com/papers/scenarios.pdf

I'd suggest that some of the things we're seeing with cell phones,e.g., the deployment of traffic intuiting systems in Missouripreviously documented on the IP list (gauging auto traffic bymonitoring cell handoffs), or the work done at the MIT Media Lab intheir Reality Mining project (http://reality.media.mit.edu/), will beall the more possible with RFID, due to the "rampant promiscuity" ofthe technology.


Ross



----
Ross Stapleton-Gray, Ph.D.
Stapleton-Gray & Associates, Inc.
http://www.stapleton-gray.com
http://www.sortingdoor.com




-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

Prev by Date: [IP] more on Peter Swire on why Alito's co-authored report isn't very informative [priv]
Next by Date: [IP] Mike Malone on Forbes' anti-blog cover
Previous by thread: [IP] more on Peter Swire on why Alito's co-authored report isn't very informative [priv]
Next by thread: [IP] Mike Malone on Forbes' anti-blog cover
Index(es):
- Date
- Thread